Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/3udgh7II_50YBleEf6fkE6-EKpw.roa
File:                     3udgh7II_50YBleEf6fkE6-EKpw.roa (raw, json)
Hash identifier:          OrL+N1GjNTiKDY1fJY420WL+rO1dVX6qpnS9nuDKZt4=
Subject key identifier:   DE:E7:60:87:B2:08:FF:9D:18:06:57:84:7F:A7:E4:13:AF:84:2A:9C
Certificate issuer:       /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial:       018CC802CD73C35026B8D943CDC51E9D5DF3
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/3udgh7II_50YBleEf6fkE6-EKpw.roa
Signing time:             Tue 02 Jan 2024 02:31:15 +0000
ROA not before:           Tue 02 Jan 2024 02:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58174
IP address blocks:        85.204.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:cd:73:c3:50:26:b8:d9:43:cd:c5:1e:9d:5d:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
        Validity
            Not Before: Jan  2 02:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dee76087b208ff9d180657847fa7e413af842a9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:01:9d:fe:ec:79:f7:e9:01:a1:3f:44:53:b2:
                    b6:c6:29:9c:bb:b0:e1:ea:dc:fa:ff:9f:fa:22:62:
                    8e:d4:ce:92:69:47:4c:19:0f:6c:60:ee:0e:f3:8c:
                    51:59:99:ec:ac:7d:a9:84:ea:96:69:d5:74:e1:15:
                    09:1f:1a:c3:85:1c:fa:12:a5:33:04:bc:35:d1:9d:
                    2f:81:59:64:d2:48:5a:c7:b2:9e:a9:e7:d2:24:88:
                    e8:e9:5e:c5:f1:08:96:94:4f:06:d2:ab:08:98:fb:
                    a8:3b:3c:cb:ef:24:33:b4:93:2a:1c:a1:3f:bd:90:
                    d9:12:85:c3:96:48:c2:7b:3f:57:55:31:fc:58:47:
                    44:8e:92:d9:9b:47:fc:fd:be:f9:0d:ff:ee:37:15:
                    e0:2f:23:d8:07:b7:4d:85:06:a8:f0:c3:6a:59:7c:
                    01:be:cf:01:09:b4:d4:f7:81:9d:59:44:45:dc:86:
                    4c:05:bf:07:91:89:31:78:11:4f:6d:4c:92:37:4d:
                    34:da:6c:27:bb:f4:ef:bc:09:fa:b0:68:82:60:4a:
                    50:eb:fe:c8:1c:76:66:c0:26:02:2e:2c:95:3b:70:
                    7e:ea:ae:d1:73:fc:28:8c:0c:5b:b0:be:2a:93:85:
                    45:50:8b:ae:30:94:95:9c:8a:53:e4:56:4f:ed:3e:
                    8f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:E7:60:87:B2:08:FF:9D:18:06:57:84:7F:A7:E4:13:AF:84:2A:9C
            X509v3 Authority Key Identifier:
                keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/3udgh7II_50YBleEf6fkE6-EKpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:af:23:ff:0a:33:f7:ba:d8:a7:91:6a:dc:e7:6a:69:6c:9d:
         04:f9:3b:ea:c5:6c:ed:73:92:9a:98:6e:eb:5d:3d:e0:e3:87:
         20:ea:4e:b2:ab:24:1e:18:4a:73:3f:78:22:82:a4:55:ba:e1:
         8d:ab:51:40:03:c6:57:1c:0d:b4:55:af:1d:f2:4d:b1:03:b6:
         a2:92:bf:35:46:d4:f2:42:f7:c3:ad:69:d4:f1:1d:cd:3d:cf:
         1f:fe:4d:b9:ed:b8:d4:42:ed:7d:c5:ed:21:63:a8:a0:90:d8:
         6f:5c:c3:11:48:6e:1f:2d:b5:60:89:28:48:1a:bc:e6:c5:c7:
         66:2b:48:9a:4b:34:59:31:c7:d6:8d:d3:15:f0:e4:07:64:75:
         58:88:3b:1e:ca:eb:04:27:c8:ed:9b:e6:dc:1d:5e:90:97:67:
         4e:c6:cd:3c:62:bb:4c:b9:30:56:54:1a:fe:72:e2:e5:2c:20:
         da:67:ee:92:ad:35:3f:66:0e:b5:60:cf:4f:fb:f4:b0:ad:54:
         2d:ef:4a:3b:98:ad:43:61:34:f3:cf:19:42:c1:83:62:13:a0:
         58:ea:9f:cc:be:7e:3a:96:1c:b5:76:24:2d:e0:b5:ca:7b:3f:
         1a:f9:5d:05:ce:3a:7f:24:0c:5f:90:5e:db:23:21:bd:89:7e:
         81:ef:22:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAs1zw1AmuNlDzcUenV3zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWU3NjA4N2IyMDhmZjlkMTgwNjU3ODQ3ZmE3ZTQxM2FmODQyYTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgGd/ux59+kBoT9EU7K2ximcu7Dh
6tz6/5/6ImKO1M6SaUdMGQ9sYO4O84xRWZnsrH2phOqWadV04RUJHxrDhRz6EqUz
BLw10Z0vgVlk0khax7KeqefSJIjo6V7F8QiWlE8G0qsImPuoOzzL7yQztJMqHKE/
vZDZEoXDlkjCez9XVTH8WEdEjpLZm0f8/b75Df/uNxXgLyPYB7dNhQao8MNqWXwB
vs8BCbTU94GdWURF3IZMBb8HkYkxeBFPbUySN0002mwnu/TvvAn6sGiCYEpQ6/7I
HHZmwCYCLiyVO3B+6q7Rc/wojAxbsL4qk4VFUIuuMJSVnIpT5FZP7T6PmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN7nYIeyCP+dGAZXhH+n5BOvhCqcMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvM3VkZ2g3SUlfNTBZQmxlRWY2ZmtFNi1FS3B3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcxEMA0G
CSqGSIb3DQEBCwUAA4IBAQCmryP/CjP3utinkWrc52ppbJ0E+TvqxWztc5KamG7r
XT3g44cg6k6yqyQeGEpzP3gigqRVuuGNq1FAA8ZXHA20Va8d8k2xA7aikr81RtTy
QvfDrWnU8R3NPc8f/k257bjUQu19xe0hY6igkNhvXMMRSG4fLbVgiShIGrzmxcdm
K0iaSzRZMcfWjdMV8OQHZHVYiDseyusEJ8jtm+bcHV6Ql2dOxs08YrtMuTBWVBr+
cuLlLCDaZ+6SrTU/Zg61YM9P+/SwrVQt70o7mK1DYTTzzxlCwYNiE6BY6p/Mvn46
lhy1diQt4LXKez8a+V0Fzjp/JAxfkF7bIyG9iX6B7yK6
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:37:19 2024 by rpki-client on console-fra.rpki-client.org